Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Now that the UK is discussing plans for some form of 3-strikes regime to discourage file-sharing, TechDirt reports that the fans of due process have picked up unlikely allies: the law enforcement and spying establishments fear that a 3-strikes policy would result in far more encryption on the Net, greatly complicating their jobs. "Of course, they're not as concerned about due process and civil rights, as they are about making it more difficult to track down criminals online: 'Law enforcement groups, which include the Serious and Organized Crime Agency and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. ... A source involved in drafting the Bill said that the intelligence agencies, MI5 and MI6, had also voiced concerns about disconnection. "The spooks hate it," the source said.'" The Times (UK) Online has more details.

They are not concerned for what is good for the people. They don't want the law solely because they are afraid that it will lead to citizens making use of encryption that makes it harder for them to snoop. Pure selfish interest.

When MI5/6 owns your first contact with TOR and you enter "How was London yesterday" in clear text, all the have to wait for is that to exit.
TOR can flash it around the world a few times, when your clear text message returns, they have the IP of both users and the fact they feel the need to use TOR.With the links to your telco, it becomes too easy.

Which is why they don't want everyone using encryption. As long as they can raise a jury of people who don't, they can get by with the "they were using encryption, so they must be doing something wrong" argument, but when the jury is full of people who all use it, then that argument fails and they have to actually work for a living.

To be fair the "UK law enforcement and intelligence services" should not be commenting on due process and civil rights, other than to confirm that they uphold them. It is their job to track criminals, it is our job to dictate the rules they must follow in doing so.

It's not really fair to apportion them with blame for the laziness, apathy and short-sightedness of voters and their elected officials. They're probably even more surprised than we are when their more outlandish proposals actually get approved.

With new roles comes new funding.
New funding means a few token arrests, but a vast backend.
Today it tracks p2p, soon it just tracks.
Like cctv for the IRA is now OCR ed for tax and other revenue options.
As for laziness, apathy and short-sightedness, sure, they sold out to rendition and will be named over time.
Could be a new set of rules.
In the past outlandish proposals could be blocked as MI5/6 knew of the sexual needs, fraud, theft of their political masters and could end a political party for a decad

I encrypt all my HDDs in both my laptop and my computers. With Truecrypt it is as easy as a few clicks, so really there is no reason/not/ to do it.

There are also numerous benefits. I can "wipe" the drive before selling/binning it by simply deleting the encryption key which takes seconds instead of hours for a full format. If my laptop is stolen or my house burgled then my private data will still be safe. Even my USB flash drives are protected that way.

Performance: Have you actually tried it? On a 1.8GHz Pentium M laptop it makes no noticeable difference. The 5400 RPM HDD is still by far the bottleneck.

On a low end low power Pentium Dual Core desktop system I run it consumes about 5% CPU time when transferring a file from one HDD to another with a combined read/write speed of 120MB/sec (i.e. it has to decrypt and then encrypt 60MB of data per second).

As for hiding stuff from potential thieves, that was my point really. It's not just law breakers though, f

Never really understood this "3 strikes and you're out" theory. Law enforcement is too complex to be modelled after the rules of a US sports game. Can somebody explain how this idiotic idea came about, the thinking behind it?

What next? You don't go to jail if you say "Simon says" before committing an offence? Police can't arrest you if you're not touching the ground when they catch up with you?

Well, other than the fact that taking people to court, not to mention the whole annoying thing about having to come up with evidence/proof, is too difficult. So they thought it would be a good idea if they could just bypass the legal system. All that "due process" stuff is too much trouble. It's much easier if they can just kick people off based on accusations.

Well, actually, no. Close, but no. It got started by the only group capable of giving the music industry executives competition in the stupidity race, politicians. Politicians learn very quickly that you can't go wrong by being tough on crime, so every year they enact increasingly medieval laws designed to make the populace think "there, that'll get those criminals off the street!" "Three strikes" originally meant "if you get convicted of three felonies then we'll put you in jail forever."

"Three strikes" sounds good until you fill up the jails and you have to ask the voters for money to build more jails. (The only thing voters hate more than criminals is taxes.) Of course your average politician is unable think past the next election, so the jails filling up with struck-out felons naturally came as a surprise to them.

And of course, once you've made a crime law you can't undo it, no matter how stupid and counter-productive it is, because then your opponent in the next election will accuse you of "being soft on crime."

So, no, it really had nothing to do with being "overly punitive", and that characterization is really not accurate at all.

"It"? If you clarify your antecedent there you'll likely discover that "simplistic and damaging law-making [getting] traction" isn't what you're addressing, though it's what I was addressing. Like AC pointed out.

Otherwise, "a very thinly veiled cheap shot at a certain group of political opponents" deserves some attention here. I can understand your being sensitive to the issue as it seems to be denigrating of your political views. Please believe me that my interest isn't against your politics so much as

I'm not sure which one that is. Maybe you found an F-Scale test? That's outdated. You might try the survey from Altemeyer's paper, I think it's in Chapter 1: http://home.cc.umanitoba.ca/~altemey/ [umanitoba.ca]

"After a three-hour meeting in London, the Featured Artists Coalition, which emerged as a breakaway lobby group in the summer, backed the government's proposed introduction of "technical measures" to combat the rising tide of copyright theft. If they ignore two warning letters, persistent illegal filesharers should have their broadband connections throttled "to a level which would render filesharing of media files impractical while leaving basic email and web access", according to a s

The three strikes idea comes out of of California. The basic idea was that after you committed 3 serious criminal offenses, they were able lock you up for an extended period of time. It first was passed in California, in 1994, long before the internet was popular.

Yeah, sorry about that. I voted on that issue... I had just turned 18/graduated/etc.

If it's any consolation, in the intervening years I've gone from a young starry-eyed liberal democrat through a "damn wasteful people" republican, to a cynical "I'm really tired of this bullshit" Libertarian.-nB

"It's a rule that isn't based on justice but intimidation."
Its truly fun for the Forward Intelligence Teams.http://en.wikipedia.org/wiki/Forward_Intelligence_Team [wikipedia.org]
Note your licence plate number at a few too many protests and find your IP.
As the database would be IP and counter based, just send out a letter and 1+ the strike counter.
Soon the faces on spotter cards of people who might "instigate offences or disorder" http://www.guardian.co.uk/uk/2009/oct/25/spotter-cards [guardian.co.uk]
will be without home networkin

Law enforcement is too complex to be modelled after the rules of a US sports game. Can somebody explain how this idiotic idea came about, the thinking behind it?

If you're a music industry executive who's incapable of rethinking the music industry's failing business model, which do you think is easier - steal an idea from a common past-time or come up with your own idea?

Given that music execs haven't come up with an original idea in decades, the answer should be obvious...

In some US jurisdictions, being convicted of three felony offenses raises the penalty to life imprisonment, as by this point supporters argue that the criminal has repeatedly not rehabilitated and just keeps on committing more crimes. Music executives apparently want something analogous for punishing intellectual property "criminals". A noteworthy difference between the situations, however, is that in the criminal justice case, the penalty kicks in after three felony convictions in a court of law, whereas

Yes, the big idea of "three strikes" laws was that you were dealing with a repeat offender who wasn't at all rehabilitatable, and so the solution was to lock them up for an extended period of time. It was never completely clear if the extended period of time was to give them greater time to rehabilitate, if people were hoping that great prison sentences would serve as an increased deterrent (i.e. "I can't do anything bad because I already have 2 strikes!"), or if the idea was to get dangerous criminals off

It was never completely clear if the extended period of time was to give them greater time to rehabilitate, if people were hoping that great prison sentences would serve as an increased deterrent (i.e. "I can't do anything bad because I already have 2 strikes!"),

A possible "unintended consequence" would be that instead they think "I dosn't matter how bad I am since i'll get life regardless".

No, they are sentenced to a life term for being a habitual criminal who won't reform.

Ummm... not technically. Not legally. You can't sentence someone for "being a bad person". You have to charge a specific crime. Someone gets tried and convicted of one crime, they go to jail, pay their time, and are released. They get convicted of another crime, go to jail, and get released. Those two crimes are done. You can't punish them again.

3 strikes became a cause in the US, during the rise in violent crime as various street gangs warred for control of the crack trade. Essentially cities saw huge increases in crime and policies of the time weren't doing enough to make citizens feel safe. So led by Western states (where voters almost always have some ability to directly pass laws) votors passed laws mandating that for certain types of crimes (normally murder, attempted murder, rape, and armed robbery sometimes others as well) a third convict

3 strikes became a cause in the US, during the rise in violent crime as various street gangs warred for control of the crack trade.

It's not called the "war on (some) drugs" for no reason.

Essentially cities saw huge increases in crime and policies of the time weren't doing enough to make citizens feel safe. So led by Western states (where voters almost always have some ability to directly pass laws)

Since US drug laws are Federal the most effective method was not available.

The impression I've gotten is that some judges (the ones I've heard about have been left-leaning) are too sympathetic to the criminals, and say things like "Well, yes, he did *murder* someone, but he's just a big lovable puppy" (ok, I exaggerate:) ). This was the legislator's attempt to say "While we don't want to take things out of the hands of judges completely, there's a certain point where people should just be locked up".

The impression I've gotten is that some judges (the ones I've heard about have been left-leaning) are too sympathetic to the criminals, and say things like "Well, yes, he did *murder* someone, but he's just a big lovable puppy" (ok, I exaggerate:) ). This was the legislator's attempt to say "While we don't want to take things out of the hands of judges completely, there's a certain point where people should just be locked up".

One reason for locking someone up for life is that they are a danger to the pu

Never really understood this "3 strikes and you're out" theory. Law enforcement is too complex to be modelled after the rules of a US sports game. Can somebody explain how this idiotic idea came about, the thinking behind it?

What next? You don't go to jail if you say "Simon says" before committing an offence? Police can't arrest you if you're not touching the ground when they catch up with you?

Actually, maybe it should be more closely modeled. They should have 'balls' in there too. Like, say you try to download a torrent of Iron Man, and it turns out to be dubbed into Swedish. If that happens 4 times, the MPAA has to send you a free movie of your choice.

Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."

One would think that encryption would stop them in their tracks, not just "increase the costs and workload"

IIRC, you are required to turn over keys if asked by the government in the UK, jail time if you don't.

If they're currently trying to figure out who to ask keys from, if everyone does it, workload on figuring out what is malicious and requires them to ask everyone or figure out some way to narrow it down.

Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."

One would think that encryption would stop them in their tracks, not just "increase the costs and workload"

Those increased costs and workload are for actually doing "real" police work instead

Encryption simply forces them to tap your keyboard, and the costs of that
are much higher than the costs of running Wireshark on a router somewhere.

Not only that, but it usually requires a much more involved process of those troublesome
warrents and all to get actual wire-tepping done (usually, not always). Curse that due process!

Let's not be too disparaging here, the police sometimes have legitamte interests in information gathering, there really are some people who need to be taken down. It is not their job to
just protect our rights politically, that's our job and the job of the politicians (who epically fail in internet law). It is their job to pr

Even keyboard logging isn't a shoe-in. 90% of the time they're not also monitoring the MOUSE as well. Some programs are now using on-screen keyboards for password entry to get around keyloggers. You can also on many systems pair a key-file with your password. The keyfile needn't necessarily stay on your computer if it's easily retrievable.

For example, you could use a source file from the first release of the Linux kernel as a keyfile. It's easily remembered, and easily retrieved from tons of locations o

My point is, no amount of encryption adds to your physical security.
If they bug your ceiling, they can see you entering the password and doing
all the other things you do with your computer. Hence the encryption does not
make spying impossible, only a lot more expensive, geographically isolated,
and more subject to the due process, as Znork (31774) points out nearby.
IMHO, all the more reasons to use the end-to-end encryption as much as possible.

If commerical encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now.

They pretty much have. In the UK you are legally obligated to give up your keys if required.

Of course, then comes the question of how they're going to determine if the keys were the real keys... or just to the first layer... or just to the first and second layer... or...

The intelligence agencies would do well to object quite a lot; we still haven't the final mass migration to rubber hose protected encryption and f2f darknets, but it's well on the way. If three-strikes regulation becomes popular, then most of the internet will become pretty opaque to any form of snooping, and any real threats will happily tag along on the mass of ordinary citizens just out to protect their privacy from whatever lobbyist it tugging at the puppet strings of the politicians for the moment.

There are similar dilemmas in law enforcement in North America -- if you won't roll down your window for the police when they pull you over for example, and they force their way into your vehicle, they've just committed (in most cases) an illegal search and everything else becomes fruit of the poison tree*.

Police procedure combined with human rights can in fact hinder investigation of some crimes, but some of us would argue that the rights and

$5 wrench, a $500 bribe, or $5,000 informant is cute
But why not just pay 500,000 and get the shipped consumer grade code altered?
it will last 2-10 years in the real world and the NSA ect will be able to read it in real time.Its MS or Apple consumer quality.
If your using Linux and are just too smart using real encryption, then you get a logger as you glow in the dark.
As for " install a key logger on a criminals computer "...
they might write a few drafts, drafts 1 and 4 point to new ideas, networks,

I'd hazard a guess that the real issue these agencies have is about increased use of anonymous communication networks such as Tor rather than just "encryption" of the content. It's almost a given that widespread adoption of Tor will have two important effects: (1) there will be larger numbers of relay or exit nodes in the network - at present it is suspected that intelligence agencies control a large number of the exit nodes (and possibly relay nodes too) in the network; and (2) greater traffic through the network will make it significantly harder to perform timing attacks on entry and exit from the mix network to correlate traffic and thus break its anonymity.

I use openbsd. The latest version has tor in the ports tree. I expect to try it, but I hear that tor is presently sort of slow.

I have a couple dedicated servers at hosting companies. I have thought about making them tor "nodes", but as best I can figure out, it is a bit of a hassle for the full tor server to coexist with lots of server protocols.

Don't monitor the exit node, no doubt anonymity tech such as onion skinning and the like are useful for moraly dubious things (file sharing, Lolita cartoon porn ), and morally repugnant things (child pornography, coordinating bombings or other attacks), but if just one person succeeds in undermining political censorship, then that justifies it's existence, in my opinion anyways.

....and oops. I just showed this article to a friend who was resistant to using OTR to encrypt his IM communications, even though he had pidgin and could easily turn on OTR. Now he has seen the light and switched on OTR. Thanks UK Police!

Military Intelligence Division 5 and Divsion 6, I believe. MI5 is the UK's version of the FBI, while MI-6 is the UK's version of the CIA. If you listen to bond carefully, you'll usually hear some references to MI6.

As a privacy advocate I recommend that, whenever possible, one should encrypt everything regardless of the sensitivity of the particular data.

This will effectively keep law enforcement from tagging encrypted network traffic as being suspicious because encrypted network traffic will become the norm.

How will the police track down dangerous criminals using the Internet you may ask? My answer would be who cares? In my book criminals have just as much right to privacy as do any law abiding citizen. Plus more

This blatent peice of BBC propaganda from a couple of years back demonises "so called BIT TORRENT FILE SHARING" for encouraging encryption and making illegal wire tapping of UK civilians' data and telephone communications more difficult for the CIA and MI5.
http://www.youtube.com/watch?v=dq2PK2W-vVI [youtube.com]

Then that was necessary for them to do so that we'd think they couldn't crack it. Standard espionage novel fare-let the enemy catch you trying to steal their code machine so they think you need to steal their code machine because you can't crack their code otherwise...

I would certainly expect a side effect of increased **AA-related harassment to be increased use of encryption and anonymizers. My expectation keeps my blood pressure down. Every time I get upset about more ridiculous **AA junk, I consider the probable outcome and how this is all probably a good thing in the long run. While hiding from **AAs, people increase their privacy and make it more difficult for anyone else to eavesdrop at the same time.

This is one reason I think all these countries that are busily setting up mandatory internet filtering are completely defeating themselves.

Right now, 95% of people accessing child porn and the like just post on open unencrypted connections. Stupid - but there you go. Once the connection is filtered and only encrypted connections even work any more they will all become educated about encryption and anonymization sufficient to bypass the filters and 99% of the intelligence sources that are now helping to t

'Law enforcement groups, which include the Serious and Organized Crime Agency and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic.

I like this. In reality, properly-implemented encryption will completely prevent even the most well-funded government agency from monitoring your Internet traffic. But Police and Three Letter Agencies would never admit as much in a press release. Instead, encryption just "increases their costs and workload." Feh.

I think one of the reasons that the average person doesn't care enough about encryption to use it is because they have no idea how effective it is.

Encryption game is fun too.
Its like seeing something of interest on youtube or web 2.0, then getting the ip and paying a visit in full riot gear at 6 am.
Just to have a chat to tell you they know you, what your doing and can come back any time to chat about the "use" of the internet.
You also need a new door, sofa, wall paint, light, computer, modem and an electrician to turn the power back on.
Call it community policing:)